Google will force Android phone manufacturers to commit to regular security updates, the firm revealed on Friday.
As Google I/O comes to a close, the Android developer said it plans making the monthly updates a requirement as part of its agreement with OEMs.
While Google has long pushed phone makers to adopt these updates in the past, forced compliance will encourage companies to keep their end of the bargain.
The announcement is quite timely too. Just last month we learned some high profile manufacturers were issuing some security updates belatedly, skipping others, and even lying about providing them.
Remarkably, manufacturers like HTC, Sony and Samsung were occasionally guilty of the practice, while the likes of ZTE and TCL were serial offenders, according to Security Research Labs.
Now Google will be able to ensure manufacturers are ready to toe the line by building the pledge into the agreement for future versions, like the forthcoming Android P.
Speaking at an I/O session, David Kleidermacher, Google’s head of Android platform security, said the new policy will lead to a massive uptick in users receiving the latest fixes for bugs and vulnerabilities.
In comments reported by XDA Developers (via Engadget) Kleidermacher said: “We’ve also worked on building security patching into our OEM agreements. Now this will really… lead to a massive increase in the number of devices and users receiving regular security patches.” – David Kleidermacher, Google’s head of Android platform security.
There’s no additional details on the updated Android partner agreement just yet, but we might see it as the Android P release approaches this autumn.
Back in April the scale of deception over so-called ‘patch gaps’ alarmed many in the Android community.
“We find that there’s a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others,” SRL founder Karsten Nohl said.
“Sometimes these guys just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best.”
